Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg

Critical EPSS: 0.05124% (0.89403 Percentile) EPSS:
Permalink JSON

Prototype Pollution in litespeed.js and appwrite/server-ce

Affected Packages Affected Versions Fixed Versions
packagist:appwrite/server-ce < 0.11.1, >= 0.12.0, < 0.12.2 0.11.1, 0.12.2
0 Dependent packages
0 Dependent repositories
16,383 Downloads total

Affected Version Ranges

All affected versions

0.1.13, 0.1.15, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.11.0, 0.12.0, 0.12.1

All unaffected versions

0.11.1, 0.11.2, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.5.11, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4
npm:litespeed.js < 0.3.12 0.3.12
7 Dependent packages
18 Dependent repositories
464 Downloads last month

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.5, 0.3.6, 0.3.7, 0.3.9, 0.3.10, 0.3.11

All unaffected versions

0.3.12

This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability.

References:

Identifiers

GHSA-v9p9-535w-4285

CVE-2021-23682

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.05124

EPSS Percentile: 0.89403

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/appwrite/appwrite

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON